[webkit-changes] [183142] branches/safari-600.7-branch/Source/WebKit2

[matthew_hanson]

Title: [183142] branches/safari-600.7-branch/Source/WebKit2

Revision

183142

Author

matthew_han...@apple.com

Date

2015-04-22 15:28:00 -0700 (Wed, 22 Apr 2015)

Log Message

Merge r181991. rdar://problem/20545332

Modified Paths

branches/safari-600.7-branch/Source/WebKit2/ChangeLog
branches/safari-600.7-branch/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp

Diff

Modified: branches/safari-600.7-branch/Source/WebKit2/ChangeLog (183141 => 183142)

--- branches/safari-600.7-branch/Source/WebKit2/ChangeLog	2015-04-22 22:25:27 UTC (rev 183141)
+++ branches/safari-600.7-branch/Source/WebKit2/ChangeLog	2015-04-22 22:28:00 UTC (rev 183142)
@@ -1,5 +1,58 @@
 2015-04-22  Matthew Hanson  <matthew_han...@apple.com>
 
+        Merge r181991. rdar://problem/20545332
+
+    2015-03-25  Chris Dumez  <cdu...@apple.com>
+
+            [WK2] WebFrameLoaderClient::dispatchDecidePolicyForResponse() should always call the FramePolicyFunction
+            https://bugs.webkit.org/show_bug.cgi?id=143036
+            <rdar://problem/20252438>
+            <rdar://problem/13811738>
+
+            Reviewed by Alexey Proskuryakov.
+
+            WebFrameLoaderClient::dispatchDecidePolicyForResponse() should always
+            call the FramePolicyFunction. Previously, it would fail to do in 2
+            cases:
+            - m_frame->page() returns null
+            or
+            - webPage->sendSync() returns false
+
+            If the FramePolicyFunction is not called, we will fail to clear the
+            callback in the PolicyChecker and
+            DocumentLoader::continueAfterContentPolicy() will not be called.
+
+            DocumentLoader::continueAfterContentPolicy() is in charge of resetting
+            m_waitingForContentPolicy flag to false. This could therefore explain
+            the following assertion being hit in DocumentLoader::detachFromFrame()
+            (see <rdar://problem/20252438>):
+            RELEASE_ASSERT(!m_waitingForContentPolicy)
+
+            Also, as the PolicyChecker callback is not cleared, it could make it
+            possible for DocumentLoader::continueAfterContentPolicy() to be called
+            *after* the load is finished, when later canceling the PolicyCallback:
+            FrameLoader::stopAllLoaders()
+             -> PolicyChecker::stopCheck()
+              -> PolicyCallback::cancel()
+               -> DocumentLoader::continueAfterContentPolicy(PolicyIgnore)
+
+            Calling continueAfterContentPolicy(PolicyIgnore) after the load is
+            finished would be bad and could explain some of the crashes we've seen
+            in DocumentLoader::continueAfterContentPolicy() ->
+            DocumentLoader:: stopLoadingForPolicyChange() (see
+            <rdar://problem/13811738>).
+
+            This patch also applies the same fix to
+            dispatchDecidePolicyForNewWindowAction() and
+            dispatchDecidePolicyForNavigationAction() as they use the same pattern.
+
+            * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
+            (WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse):
+            (WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNewWindowAction):
+            (WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction):
+
+2015-04-22  Matthew Hanson  <matthew_han...@apple.com>
+
         Merge r181812. rdar://problem/20557289
 
     2015-03-20  Beth Dakin  <bda...@apple.com>

Modified: branches/safari-600.7-branch/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp (183141 => 183142)

--- branches/safari-600.7-branch/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp	2015-04-22 22:25:27 UTC (rev 183141)
+++ branches/safari-600.7-branch/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp	2015-04-22 22:28:00 UTC (rev 183142)
@@ -653,8 +653,10 @@
 void WebFrameLoaderClient::dispatchDecidePolicyForResponse(const ResourceResponse& response, const ResourceRequest& request, FramePolicyFunction function)
 {
     WebPage* webPage = m_frame->page();
-    if (!webPage)
+    if (!webPage) {
+        function(PolicyIgnore);
         return;
+    }
 
     if (!request.url().string()) {
         function(PolicyUse);
@@ -680,8 +682,10 @@
     unsigned syncSendFlags = IPC::InformPlatformProcessWillSuspend;
     if (WebPage::synchronousMessagesShouldSpinRunLoop())
         syncSendFlags |= IPC::SpinRunLoopWhileWaitingForReply;
-    if (!webPage->sendSync(Messages::WebPageProxy::DecidePolicyForResponseSync(m_frame->frameID(), response, request, canShowMIMEType, listenerID, InjectedBundleUserMessageEncoder(userData.get())), Messages::WebPageProxy::DecidePolicyForResponseSync::Reply(receivedPolicyAction, policyAction, downloadID), std::chrono::milliseconds::max(), syncSendFlags))
+    if (!webPage->sendSync(Messages::WebPageProxy::DecidePolicyForResponseSync(m_frame->frameID(), response, request, canShowMIMEType, listenerID, InjectedBundleUserMessageEncoder(userData.get())), Messages::WebPageProxy::DecidePolicyForResponseSync::Reply(receivedPolicyAction, policyAction, downloadID), std::chrono::milliseconds::max(), syncSendFlags)) {
+        function(PolicyIgnore);
         return;
+    }
 
     // We call this synchronously because CFNetwork can only convert a loading connection to a download from its didReceiveResponse callback.
     if (receivedPolicyAction)
@@ -691,8 +695,10 @@
 void WebFrameLoaderClient::dispatchDecidePolicyForNewWindowAction(const NavigationAction& navigationAction, const ResourceRequest& request, PassRefPtr<FormState> formState, const String& frameName, FramePolicyFunction function)
 {
     WebPage* webPage = m_frame->page();
-    if (!webPage)
+    if (!webPage) {
+        function(PolicyIgnore);
         return;
+    }
 
     RefPtr<API::Object> userData;
 
@@ -721,8 +727,10 @@
 void WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(const NavigationAction& navigationAction, const ResourceRequest& request, PassRefPtr<FormState> prpFormState, FramePolicyFunction function)
 {
     WebPage* webPage = m_frame->page();
-    if (!webPage)
+    if (!webPage) {
+        function(PolicyIgnore);
         return;
+    }
 
     // Always ignore requests with empty URLs. 
     if (request.isEmpty()) {
@@ -782,8 +790,10 @@
         documentLoader = static_cast<WebDocumentLoader*>(coreFrame->loader().documentLoader());
 
     // Notify the UIProcess.
-    if (!webPage->sendSync(Messages::WebPageProxy::DecidePolicyForNavigationAction(m_frame->frameID(), documentLoader->navigationID(), navigationActionData, originatingFrame ? originatingFrame->frameID() : 0, navigationAction.resourceRequest(), request, listenerID, InjectedBundleUserMessageEncoder(userData.get())), Messages::WebPageProxy::DecidePolicyForNavigationAction::Reply(receivedPolicyAction, newNavigationID, policyAction, downloadID)))
+    if (!webPage->sendSync(Messages::WebPageProxy::DecidePolicyForNavigationAction(m_frame->frameID(), documentLoader->navigationID(), navigationActionData, originatingFrame ? originatingFrame->frameID() : 0, navigationAction.resourceRequest(), request, listenerID, InjectedBundleUserMessageEncoder(userData.get())), Messages::WebPageProxy::DecidePolicyForNavigationAction::Reply(receivedPolicyAction, newNavigationID, policyAction, downloadID))) {
+        function(PolicyIgnore);
         return;
+    }
 
     // We call this synchronously because WebCore cannot gracefully handle a frame load without a synchronous navigation policy reply.
     if (receivedPolicyAction)

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes